gandi: Added support for personal access tokens

2024-03-02 12:17:22 +01:00 · 2024-03-02 12:17:22 +01:00 · 12e9a7c47b
commit 12e9a7c47b
parent 9b7714c39c
2 changed files with 31 additions and 12 deletions
--- a/ddclient.conf.in
+++ b/ddclient.conf.in
@ -199,7 +199,8 @@ ssl=yes					# use ssl-support.  Works with
 ## Single host update
 # protocol=gandi
 # zone=example.com
-# password=my-gandi-api-key
+# password=my-gandi-access-token
+# use-personal-access-token=yes
 # ttl=10800 # optional
 # myhost.example.com

--- a/ddclient.in
+++ b/ddclient.in
@ -730,6 +730,7 @@ my %services = (
            'min-interval'              => setv(T_DELAY,  0, 0, 0,               interval('5m')),
            'server'                    => setv(T_FQDNP,  1, 0, 'api.gandi.net', undef),
            'script'                    => setv(T_STRING, 1, 1, '/v5',           undef),
+            'use-personal-access-token' => setv(T_BOOL, 0, 0, 0, undef),
            'ttl'                       => setv(T_DELAY,  0, 0, undef,           interval('5m')),
            'zone'                      => setv(T_FQDN,   1, 0, undef,           undef),
            # Unused variables.
@ -7455,20 +7456,31 @@ Description of Gandi's LiveDNS API can be found at:
    https://api.gandi.net/docs/livedns/

 Available configuration variables:
-  * password: The Gandi API key. If you don’t have one yet, you can generate
-    your production API key from the API Key Page (in the Security section).
-    Required.
+  * password: The Gandi API key or personal access token. If you don’t have
+    one yet, you can generate a production API key from the API Key Page
+    (in the Security section) or a personal access token from the Gandi
+    Admin application. Required.
+  * use-personal-access-token: Whether the password value is a API key or a
+    personal access token. Defaults to API key. Note that API keys are
+    deprecated by Gandi.
  * zone: The DNS zone to be updated. Required.
  * ttl: The time-to-live value associated with the updated DNS record.
    Optional; uses Gandi's default (10800) if unset.

 Example ${program}.conf file entries:
-  ## Single host update.
+  ## Single host update using API key.
  protocol=gandi
  zone=example.com
  password=my-gandi-api-key
  host.example.com

+  ## Single host update using Personal access token
+  protocol=gandi
+  zone=example.com
+  password=my-gandi-personal-access-token
+  use-personal-access-token=yes
+  host.example.com
+
  ## Multiple host update.
  protocol=gandi
  zone=example.com
@ -7496,7 +7508,13 @@ sub nic_gandi_update {

            my $headers;
            $headers  = "Content-Type: application/json\n";
+            if ($config{$h}{'use-personal-access-token'} == 1) {
+                $headers .= "Authorization: Bearer $config{$h}{'password'}\n";
+            }
+            else
+            {
                $headers .= "Authorization: Apikey $config{$h}{'password'}\n";
+            }